Interestingly, after reporting last Friday ‘Black Screen woes could affect millions on Windows 7, Vista and XP’, and causing a furor amongst IT pros, users and the media, Prevx apologized for claiming a patch applied by Windows Update was the cause of the so-called ‘Black Screen of Death’.
In last week’s post, Prevx stated:
If you Google Black Screen then you will find a whopping 80 Million plus results, mostly dominated by people searching for a fix to this problem. Thousands of users have resorted to reloading Windows as a last ditch effort to fix the problem, avoid that at all cost. We hope we can help a good many of you avoid the need to reload.
Clicking on the link provided in Prevx’s blog post, and the search results are nowhere close to the “whopping 80 Million plus results” Prevx claimed in its blog post. In fact, the number is inflated by almost 100%, and there’s a good chance it’s not 40 million users facing the issue, or even 20, 10, or 1 million.
On Monday (11/30), Microsoft said it is investigating the issue. A Microsoft representative also said:
Based on our investigation so far we can say that we’re not seeing this as an issue from our support organization. The issues as described also do not match any known issues that have been documented in the security bulletins or (knowledge base) articles.”
On Tuesday (12/1), Microsoft’s Security Response Communications lead Chris Budd said in a statement:
The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports.
Microsoft also said it had not been contacted by Prevx before going public with the issue. More in Microsoft: November security updates are fine on News.com.
Prevx backtracked in a follow-up post yesterday (12/1):
Having narrowed down a specific trigger for this condition we’ve done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.
Prevx apologized for the faux pax. However, its original post and the follow-up apology says nothing about informing Microsoft about a potential issue caused by a patch.
Tempting as it is to rush to blog and tweet about a critical bug or security issue one may have discovered, the responsible behavior is to contact the vendor, report the issue and request or even demand an investigation and a fix. As a customer you have every right to do so, and depending on the severity and impact of an issue, expect a fix within a reasonable time frame. If the vendor does not investigate or provide any explanation, go public.
This is not to say that the “black screen” issue many users may have been facing isn’t real, but it’s no excuse for insufficient testing, irresponsible reporting, and inflating the impact (quite dramatically in this case).